Published: 15/05/2019 Updated: 27/05/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote malicious user to crash the process due to a Use After Free vulnerability.

Vulnerability Trend

Affected Products

Vendor Product Versions
Miniupnp ProjectMiniupnpd1.4, 1.5

Vendor Advisories

Debian Bug report logs - #929297 minissdpd: CVE-2019-12106 Package: minissdpd; Maintainer for minissdpd is Thomas Goirand <zigo@debianorg>; Source for minissdpd is src:minissdpd (PTS, buildd, popcon) Reported by: "Chris Lamb" <lamby@debianorg> Date: Tue, 21 May 2019 06:09:01 UTC Severity: grave Tags: fixed-upstrea ...